> Hi Snort Users
>> I am trying to create some rules for the following condition:
>> I have a network 1.1.1.1/20 (bogus IP !), and I want that all ICMP pings
> from this network not be recorded im my sql database, however i want that
> the icmp ping from another network be recorded.
>> I know that have to use the "pass rules" but my rules are not working...
>> ex:
> my local.rules
>> pass icmp any any <> 1.1.1.1/20 any ( not working)
> pass icmp any any -> 1.1.1.1/20 any ( not working)
>> for while i disable de "ICMP ping" and "ICMP ping undefined" code rules
> set, but is not the ideal...
>> Sugestions ????
>>> Best Regards from Bahia/Brasil
>> Hever Costa Rocha
> N.O.C
> 55 (73) 234-3029
> 55 (73) 9133-0107
> email: hever at ...5283...> www.itcbrasil.com.br
>